Improvements to NT features for the enterprise and the workstation make NT 5.0 a good upgrade for all customers

Windows NT is once again advancing--this time, from version 4.0 to version 5.0. Both Microsoft's marketing department and Bill Gates have claimed that Microsoft is betting the farm on NT 5.0. After working extensively with the NT 5.0 beta 1 release, I think that bold bet makes a lot of sense. NT 5.0 might be the most important upgrade in NT's history.

Most of NT 5.0's enhancements specifically target server users. NT 5.0 shakes up the underpinnings of the NT operating system to accommodate new server features and different ways of managing and working with the system. However, the NT upgrades don't neglect workstations; NT 5.0 includes improvements for all NT customers. Here are 10 reasons why I'll be the first in line to purchase the shrink-wrapped code.

REASON #1: Directory Services
A major innovation in NT 5.0 is its new directory service, Active Directory (AD). AD radically changes account management in NT. AD gets many of its features from the X.500 and Domain Name System (DNS) standards. To locate directory objects, AD uses the DNS protocol, and to access the objects, AD uses the Lightweight Directory Access Protocol (LDAP). Because NT 5.0 uses DNS, NT 5.0 applications will not require NetBIOS or its name resolver, the Windows Internet Naming Service (WINS), although NT 5.0 will support the WINS protocol to ensure that the OS is compatible with legacy networks. NT 5.0's default networking protocol is TCP/IP.

AD offers a simple, logical naming structure. With AD, you can change the names of the objects in your directory from the nondescript, often cryptic names the OS gives objects.

NT 5.0's multimaster replication system keeps AD directories up-to-date and eliminates NT's reliance on Primary Domain Controllers (PDCs) and Backup Domain Controllers (BDCs). The replication system stores a copy of the entire network directory on each of the network's domain controllers. Administrators can change directory information from any domain controller, and the system will replicate the change to the network's other domain controllers. NT 5.0 simplifies upgrading a server's status on the network. Previous versions of NT required you to completely reinstall NT to upgrade a standard server to a PDC. But in NT 5.0, you need only add the necessary service to the system to upgrade a server.

NT 5.0 comes with Microsoft's Distributed File System (Dfs), which helps users find data on a network more easily. Instead of spreading files and programs across multiple disk volumes, Dfs consolidates everything into one directory tree. The tree can include file shares on multiple servers located around the world. Its directories can take on descriptive names containing up to 256 characters.

By including AD and Dfs in NT 5.0, Microsoft has upgraded the heart of the NT OS. These features simplify account management and promise to make your life a little easier.

REASON #2: Security
As increasing numbers of NT machines access the Internet, NT users more frequently face security-related problems. NT 5.0 includes some new security features to keep your data safe.

First, NT 5.0 replaces the old NT LAN Manager (NTLM) authentication protocol with the Kerberos 5 security module. Kerberos uses a shared-secret key (i.e., two parties share the key that verifies user identities) to handle authentication. Shared-secret keys help prevent hackers from getting to your data by letting only users with the necessary keys access protected information. NT 5.0 uses Kerberos as the system's main security manager.
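The shared-secret idea described above, as an added example that is not from the original article or from Microsoft's code: a key distribution center shares a long-term key with each party, issues a session key, and the server accepts the client without the password ever crossing the network. It collapses Kerberos's separate ticket-granting step into one exchange, uses an HMAC-based stand-in cipher rather than a real Kerberos encryption type, and every name in it (`KDC`, `Service`, `seal`, `client_authenticator`, the principals and passwords) is hypothetical.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    # Separate encryption and MAC subkeys derived from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode), not a Kerberos enctype.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the MAC, then decrypt; raises for anyone lacking the shared secret."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class KDC:
    """Key distribution center: shares one long-term secret with each principal."""
    def __init__(self):
        self.keys = {}

    def register(self, principal, password):
        # Stand-in for Kerberos string-to-key: password -> long-term key.
        key = self.keys[principal] = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), principal.encode(), 100_000)
        return key

    def issue(self, client, service, now, lifetime=300):
        session = os.urandom(32).hex()
        # Only the service can open the ticket; only the client can open the reply.
        ticket = seal(self.keys[service],
                      {"client": client, "key": session, "exp": now + lifetime})
        reply = seal(self.keys[client], {"service": service, "key": session})
        return reply, ticket

def client_authenticator(client_key, reply, client, now):
    # The password never crosses the network: the client proves it could open the reply.
    session = bytes.fromhex(unseal(client_key, reply)["key"])
    return seal(session, {"client": client, "ts": now})

class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()

    def accept(self, ticket, authenticator, now, skew=120):
        t = unseal(self.key, ticket)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if now > t["exp"]:
            raise ValueError("ticket expired")
        if a["client"] != t["client"] or abs(now - a["ts"]) > skew:
            raise ValueError("authenticator does not match ticket")
        if (a["client"], a["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return t["client"]

if __name__ == "__main__":
    kdc = KDC()
    alice = kdc.register("alice", "constructed-password")  # constructed sample values
    files = Service(kdc.register("fileserver", "constructed-secret"))
    reply, ticket = kdc.issue("alice", "fileserver", now=1000)
    print(files.accept(ticket, client_authenticator(alice, reply, "alice", 1001), now=1002))
```

The server never contacts the key distribution center during `accept`: possession of its own long-term key is enough to trust the ticket, and the timestamped authenticator is what lets it reject a captured message sent a second time.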

Second, the new IP Security Management package acts as a mini-firewall that safeguards your data against intruders from the Internet. The IP Security Management tools encrypt every IP packet you send across your internal network, which prevents packet sniffers from ascertaining the packets' contents.

Third, NTFS 5 offers file-level encryption. When you upgrade NTFS 4 volumes to NTFS 5, the directories automatically inherit file-level encryption. File-level encryption is always superior to application-level encryption because file-level encryption is easier to implement. (If you have used an application-level encryption program, such as Pretty Good Privacy--PGP--you know how difficult accessing encrypted files can be.) NT 5.0's encryption format resembles NTFS compression. NT 5.0 looks at encryption as a file attribute. If a directory structure's encryption attribute is active, NT 5.0 automatically encrypts each of that directory's new files with a unique encryption key. Each file keeps this encryption attribute, even when you move the file to another directory. NT 5.0 lets you encrypt and decrypt files from Windows Explorer or from the command line.

NTFS's file encryption technology uses CryptoAPI architecture and relies on public-key encryption. During file encryption, the system assigns the file a randomly generated key and stores the key independently of the public and private keys of the user who created the file. This method of generating and storing file keys reduces the chance of someone using cryptanalysis tools to crack the file keys' encryption code. NTFS now uses the Data Encryption Standard (DES) as the default encryption algorithm, but future releases of NTFS will let users choose alternative encryption formats.

Through file-level encryption, Kerberos 5, and the IP Security Management package's mini-firewall, NT 5.0 creates an impressively secure system. Data in NT 5.0 is safer than it has been in any NT version to date.

REASON #3: Network Management
NT is well-known for letting administrators customize the OS. However, the customization tools that Microsoft has distributed with NT before version 5.0 are separate applications. For example, if you want to change your drive letters in NT 4.0, you open the Disk Administrator. If you want to check auditing features, you use the Event Viewer, and if you need to add new users to the network, you launch the User Manager for Domains. NT 5.0 consolidates the User Manager, Disk Administrator, and other administration utilities into the Microsoft Management Console (MMC).

MMC serves as a centralized host for many administration programs. Tools such as the Event Viewer are snap-ins that fit within the MMC architecture. Screen 1 shows MMC's System Monitor graph. By using an extensible architecture, NT 5.0 theoretically lets administrators load third-party snap-ins into MMC. This centralization saves administrators from having to hunt for administration programs through separate system directories. Many utility vendors are working on beta versions of tools that will integrate into the MMC framework. In addition, MMC supports Web page displays that contain information about applications (such as bug reports and workarounds) and links to product updates.

NT 5.0 includes an enhanced version of NTBackup. NTBackup can now back up data not only to tape drives, but to Zip, Jaz, SyJet, and CD-recordable drives.

NT 5.0 supports disk quotas, a feature most administrators have drooled over for years. Disk quotas let you cap the amount of disk space users can take up. NT 5.0 lets you assign a quota to one user or a group of users. For example, you can impose a 5MB limit for all users' storage. When users exceed the quota, they receive a message asking them to delete unnecessary files, and NT writes a message in the event logs.

Finally, NT 5.0 improves NT systems administration by supporting junction points. Historically, Windows has limited PCs to 26 volumes: one volume for every letter of the alphabet. In NT 5.0, Microsoft uses junction points to reroute volume letters to directory structures. Suppose N: on your file server acts as an application repository. Rather than mapping N: to a local drive letter, NT 5.0 users can map the applications in N: to a directory, such as E:\apps. This frees up a drive letter on the local machine and makes the applications easier to access because users can log on to a logically named directory, rather than hunting through multiple volumes.

NT 5.0's network management enhancements are a great reason to make the upgrade. These tools eliminate out-of-control user storage, offer more backup options, and save you from searching for management tools through multiple directories.

REASON #4: Hardware Usage
An important enhancement to the NT OS is the addition of 64-bit Very Large Memory (VLM) support, which lets 64-bit processors access up to 32GB of RAM. In contrast, 32-bit memory addressing architecture, which governs OS memory resource access, handles up to only 4GB of RAM. You may not have the hardware necessary to take advantage of this feature, but NT 5.0's VLM support prepares the system for the future, particularly for Intel's 64-bit Merced system.

NT 5.0 also includes support for Plug and Play (PnP) technology. My rudimentary testing shows that NT's implementation of PnP is more accurate at detecting hardware than the PnP in Windows 95 and even the beta 2 release of Windows 98. PnP makes NT's hardware detection extremely accurate. I installed NT 5.0 on a machine that houses some pretty eccentric hardware, and the Setup program detected my ISA SCSI adapters, NICs, and even an ancient ET4000 video card.

The beta 1 release of NT 5.0 lacks reliable PnP support for hot-swapping; sometimes hot-swapping works, and sometimes it crashes the system. However, Microsoft claims that the final release of NT 5.0 will handle hot-swapping as well as Win95 does today. You might consider that claim good or bad, depending on your experience with PnP.

NT 5.0 adds new devices to NT's Hardware Compatibility List (HCL), including the latest Universal Serial Bus (USB), Digital Video Disc (DVD), and FireWire (IEEE 1394) peripherals. Microsoft has transported Win95's Device Manager interface to NT 5.0. The Device Manager helps you diagnose and eliminate device conflicts. Screen 2 shows the Device Manager's display of the hierarchical structure of my NT machine's hardware.

The new NT will help you keep track of the hardware you have, hot-swap the hardware you need, run more hardware than you could before, and even troubleshoot hardware problems when they arise. NT 5.0's improved hardware support will help you use your physical resources to their fullest.

REASON #5: Portability
NT has a reputation for not running well on notebooks. However, NT 5.0 increases the system's portability.

NT 5.0 improves NT's power management features. In the past, Microsoft has provided minimal support for the Advanced Power Management (APM) feature, so using NT 4.0 on a notebook often has meant racing to finish your work before the battery dies. NT 5.0 solves this problem by including full support for the new Advanced Configuration and Power Interface (ACPI) standard. ACPI is a more intelligent version of APM. An ACPI-compliant OS can selectively shut down certain components of a notebook and wake up other components as you need them. For example, PC Cards drain the notebook's battery even when you aren't using the devices. ACPI can shut down the PC Card subsystem when you're not using it. This capability gives your battery a longer life.

For notebooks that don't support ACPI, NT 5.0 includes an enhanced APM system similar to Win95's power management features. When I installed NT Workstation 5.0 on an IBM ThinkPad, a battery meter in the system tray showed me how much power my machine had left. A Suspend option in the Start menu lets NT spin down the hard disk and turn off the active matrix display when you aren't using the machine (a feature I found particularly useful because my ThinkPad takes a long time to boot NT).

NT 5.0 includes a hibernation feature. When the system enters hibernation mode, the hibernation program takes a snapshot of everything in memory (both physical and virtual) and writes that information to an image file on the hard disk. The hibernation program then powers down the system. The next time you turn on your computer, NT 5.0 loads the image file into the machine's memory, and the OS returns to its state before hibernation.

PnP makes PC Cards hot-swappable. Changing PC Cards in previous versions of NT is an arduous process that requires you to shut down the system and restart it every time you add a new card. PnP lets a system immediately recognize and activate cards you plug into a notebook while the machine is running.

With its battery-saving features and PC Card hot-swapping capabilities, NT 5.0 catches up to notebook users' needs. Microsoft has finally created a portable NT.

REASON #6: Compatibility
One of NT 4.0's fundamental problems is the system's lack of support for Win95. Users who want to upgrade their Win95 machines to NT Workstation 4.0 must install NT in a separate directory, then reinstall all their applications in NT. In contrast, users can install NT 5.0 on top of an existing Win95 installation and painlessly migrate the settings to NT. You don't have to reinstall all your applications when you upgrade. The beta 1 release can install only over Win95 build 950, but Microsoft says that the final release of NT 5.0 will install over both Win95 OEMSR2 and Win98.

NT 5.0 resolves the driver compatibility problem between Win95 and NT. NT 5.0's Windows Driver Model (WDM) lets hardware vendors write one driver that can run on both Windows OSs. The downside of this upgrade is that legacy devices don't fall under the WDM umbrella. The driver model architecture primarily benefits newer hardware, such as USB devices. Nevertheless, NT 5.0's compatibility with Win95 brings NT out of isolation, a feature you can't ignore if your company runs both Windows OSs.

REASON #7: Integrated Internet
NT 5.0 brings users closer to the Internet by integrating Internet Explorer (IE) 4.0 into the desktop and including an improved email client and Web conferencing software. My experience with IE 4.0 indicates that it is a good browser. Its new features include channel support (Microsoft's proprietary push technology) and a more detailed history list.

NT 5.0 replaces the outdated and downright hostile Microsoft Exchange Client (i.e., Windows Messaging Client) with a full-featured mail client called Outlook Express. Screen 3 shows the Outlook Express interface. Within a day of installing Outlook Express, I imported my settings from Eudora and Outlook and began to use Outlook Express for all my email correspondence. Outlook Express provides all the features I need and more.

In addition to email support, Outlook Express includes newsgroup functionality. This feature gives users one interface from which to communicate over the Internet. Outlook Express uses the LDAP protocol to search for email addresses, letting users conduct email address searches through a standard system. By default, Outlook Express plows through seven public email directories when you conduct a search, and you can add customized databases to the address book.

Outlook Express provides a global address directory that you can use in every application that explicitly supports the directory. Although this global directory might annoy some Personal Information Manager (PIM) vendors, having one address book for all your applications is extremely convenient.

NT 5.0 includes an updated version of NetMeeting, a conference tool similar to ICQ and Powwow that lets you communicate with other users over the Internet. NetMeeting includes features from voice and video conferencing to whiteboard diagramming. These features may sound fairly standard, but NetMeeting lets users handle collaborative work across platforms. You've probably worked with shared applications between Windows machines. Working with someone else's copy of Word or Excel via a remote control program from your NT machine isn't terribly impressive. But what if you could work with a program running on a Linux or Solaris computer? Because NetMeeting is also available for UNIX platforms, users on non-Windows platforms can remotely control Windows applications as if they were running those applications natively. That's impressive thin-client technology.

If you've been asking for a simple and powerful one-stop solution for Internet access, then look no further than Outlook Express. Outlook Express seamlessly integrates the Internet into the NT OS.

REASON #8: User Interface
Microsoft has revamped NT's user interface (UI). You've probably heard the rhetoric about IE 4.0 bridging the gap between local and network resources, so I won't rehash it all. I will say that by making IE 4.0's Active Desktop the default UI for all new versions of Windows, Microsoft has created a steep learning curve for users. Accessing local resources as you would access network resources is disconcerting at first. Nevertheless, once I got used to the new UI, I found the Active Desktop interface to be logical and easy to use. (IE 4.0's Active Desktop is the third UI in as many releases of NT.)

Initially, Active Desktop doesn't look very different from Windows Explorer. Screen 4 shows Active Desktop. You still switch between running applications by clicking their buttons on the taskbar, and Active Desktop stores your programs on the Start menu. However, when you look at the desktop more closely, you'll notice some subtle similarities between the UI and Internet browsers. For example, Active Desktop underlines icon names to signify their link to files or applications, and rather than double-clicking an icon to open a folder or program, you single-click it. In addition, Active Desktop builds directory folders in HTML. This use of HTML lets you make folder names as long as you want them to be. You can make information easier for users to find by using descriptions of your folders' contents as the folders' names.

Active Desktop includes Active Components, or HTML code that resides on the desktop. Rather than requiring you to load the content of a Web page through a Web browser, Active Components let you display and interact directly with dynamic data on the desktop. Using Active Components, you can have a news ticker running across the top of your desktop and a box on the right side of the screen that displays the latest sports scores. In NT 5.0, Microsoft has made Internet broadcasting look feasible.

So far, Microsoft has made about 20 Active Components available. These components range from the important (stock tickers and weather maps) to the ridiculous (a 3D, Java-based clock that is extremely difficult to read). By including Active Components in NT, Microsoft has brought the computing world a little closer to the mass media world. The merger of these two worlds is interesting, but not unequivocally positive. Active Components can be informational resources or distracting eyesores. The last thing I need to see at 8:00 a.m. is a dancing Tamagotchi begging for attention.

The most problematic part of Microsoft's use of Active Desktop as NT 5.0's main UI is that Microsoft has replaced the well-tested explorer.exe with the relatively immature iexplore.exe. My IE 4.0 browser crashed several times during testing, and because the browser and the desktop are now one, my desktop crashed every time.

Despite my reservations about Active Desktop's executable and the hesitation you are likely to express when you first face the system's new UI, Active Desktop takes a huge step toward the future of OSs. This UI opens up exciting possibilities for systems administrators and end users.

REASON #9: Multimedia Capabilities
NT 5.0 provides multimedia capabilities that rival the capabilities of Win95 systems. Microsoft has removed DirectX from NT and installed the program as a separate component. Users of previous versions of NT have to use back-level versions of Microsoft's multimedia extensions because their OS doesn't support new products. My NT 4.0 workstation currently runs DirectX 3.0, even though my Win95 machine uses the latest and greatest DirectX 5.0. The final release of NT 5.0 will ship with DirectX 5.0, and the OS will support future versions of DirectX.

NT 5.0 includes Direct3D, which will let game players use 3D accelerators in NT. And NT 5.0 supports Intel's Multimedia Extensions (MMX) technology, which should boost multimedia performance. If you've ever rebooted to Win95 to attain maximum multimedia performance, you'll find NT 5.0's multimedia components a compelling reason to use the new OS.

REASON #10: Scripting
Finally, NT 5.0 includes native support for a scripting language, a feature that the NT community has repeatedly requested. Microsoft has made Perl and REXX interpreters available in the past, but those languages don't integrate tightly enough with the OS for administrators to use them as automation tools. To solve this problem, Microsoft has added the Windows Scripting Host (WSH) to NT 5.0. WSH is a shell that supports multiple scripting languages. WSH can parse and execute Visual Basic (VB) scripts and Java scripts, and WSH exposes several APIs, so developers can create ActiveX-based scripting engines for other languages.

In less than an hour, I used VB 5.0 to create scripts in WSH that automate frequently used UI functions, such as connecting to shares on the network. You can execute the scripts you create from the command line or from Windows Explorer. When you have begun to deploy WSH-based scripts, you'll wonder how you got by without the program.

The Final Judgment
In its current state, NT Workstation 5.0 isn't compelling enough to use full time. From a usability standpoint, you would have trouble telling the difference between NT 5.0 Beta 1 and NT 4.0 with IE 4.0. Microsoft plans to add more features to the code; the company promises the beta 2 release will be a feature upgrade beta, rather than a developer's release. But NT 4.0 customers can already access the biggest enhancement NT 5.0 makes to the workstation OS: IE 4.0.

At the same time, I can't wait to upgrade to the final release of NT Server 5.0. AD makes network management much easier. Kerberos 5, the IP Security Management package, and NTFS 5 make data more secure. The MMC consolidates administrative tools. In addition, the system includes utilities such as Microsoft Transaction Server (MTS) and Internet Information Server (IIS), which make NT 5.0 an even better OS for managing large enterprises.